Lucene search
+L

10321 matches found

osv
osv
added 2026/07/03 7:16 a.m.7 views

ALPINE-CVE-2026-9080

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.9AI score0.00494EPSS
Exploits1References1
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS6AI score0.0061EPSS
Exploits1References1
nvd
nvd
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS0.00649EPSS
Exploits1References3
nvd
nvd
added 2026/07/03 7:16 a.m.14 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS0.00543EPSS
Exploits1References3
nvd
nvd
added 2026/07/03 7:16 a.m.14 views

CVE-2026-8925

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...

9.8CVSS0.0108EPSS
Exploits1References3
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00574EPSS
Exploits1References1
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References1
osv
osv
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-8925

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...

9.8CVSS5.9AI score0.0108EPSS
Exploits1References1
nvd
nvd
added 2026/07/03 7:16 a.m.10 views

CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS0.00891EPSS
Exploits1References3
nvd
nvd
added 2026/07/03 7:16 a.m.8 views

CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS0.0101EPSS
Exploits1References3
nvd
nvd
added 2026/07/03 7:16 a.m.8 views

CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS0.0086EPSS
Exploits1References3
osv
osv
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS6AI score0.0086EPSS
Exploits1References1
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References1
osv
osv
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS6AI score0.00891EPSS
Exploits1References1
euvd
euvd
added 2026/07/03 6:17 a.m.10 views

EUVD-2026-41511

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

5.9AI score0.00494EPSS
Exploits1References3
cve
cve
added 2026/07/03 6:17 a.m.29 views

CVE-2026-9080

CVE-2026-9080 is a use-after-free in libcurl triggered when curl_easy_pause() is called from the event-based CURLMOPT_SOCKETFUNCTION callback. The underlying issue is a freed mev_sh_entry pointer being used to update tracing fields, potentially allowing DoS or code execution paths. Affected softw...

7.3CVSS5.9AI score0.00494EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2026/07/03 6:17 a.m.45 views

CVE-2026-9080 UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

0.00494EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/07/03 6:17 a.m.8 views

CVE-2026-9080

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.9AI score0.00494EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00752EPSS
Exploits1References3
euvd
euvd
added 2026/07/03 6:15 a.m.10 views

EUVD-2026-41507

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

6AI score0.0061EPSS
Exploits1References3
Rows per page
Query Builder